apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: kubed-operator
  labels:
    app: kubed
rules:
- apiGroups:
  - voyager.appscode.com
  resources: ["*"]
  verbs: ["list", "watch"]
- apiGroups:
  - monitoring.appscode.com
  resources: ["*"]
  verbs: ["list", "watch"]
- apiGroups:
  - stash.appscode.com
  resources: ["*"]
  verbs: ["list", "watch"]
- apiGroups:
  - kubedb.com
  resources: ["*"]
  verbs: ["list", "watch"]
- apiGroups:
  - monitoring.coreos.com
  resources: ["*"]
  verbs: ["list", "watch"]
- apiGroups:
  - extensions
  resources: ["*"]
  verbs: ["list", "watch"]
- apiGroups:
  - apps
  resources: ["*"]
  verbs: ["list", "watch"]
- apiGroups: [""]
  resources: ["*"]
  verbs: ["list", "watch"]
- apiGroups: [""]
  resources:
  - configmaps
  - secrets
  verbs: ["get", "create", "update"]
- apiGroups: ["autoscaling"]
  resources: ["*"]
  verbs: ["list", "watch"]
- apiGroups: ["batch"]
  resources: ["*"]
  verbs: ["list", "watch"]
- apiGroups: ["authorization.k8s.io"]
  resources: ["*"]
  verbs: ["list", "watch"]
- apiGroups: ["rbac.authorization.k8s.io"]
  resources: ["*"]
  verbs: ["list", "watch"]
- apiGroups: ["abac.authorization.k8s.io"]
  resources: ["*"]
  verbs: ["list", "watch"]
- apiGroups: ["authentication.k8s.io"]
  resources: ["*"]
  verbs: ["list", "watch"]
- apiGroups: ["storage.k8s.io"]
  resources: ["*"]
  verbs: ["list", "watch"]
- apiGroups: ["certificates.k8s.io"]
  resources: ["*"]
  verbs: ["list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubed-operator
  labels:
    app: kubed
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubed-operator
subjects:
- kind: ServiceAccount
  name: kubed-operator
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubed-operator
  namespace: kube-system
  labels:
    app: kubed
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kubed-operator
  namespace: kube-system
  labels:
    app: kubed
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: kubed
    spec:
      serviceAccountName: kubed
      containers:
      - name: kubed
        image: appscode/kubed:0.2.0
        imagePullPolicy: IfNotPresent
        args:
        - run
        - --v=3
        - --api.address=:8080
        - --web.address=:56790
        ports:
        - containerPort: 8080
          name: api
          protocol: TCP
        - containerPort: 56790
          name: web
          protocol: TCP
        volumeMounts:
          - name: config
            mountPath: /srv/kubed
          - name: scratch
            mountPath: /tmp
      volumes:
        - name: config
          secret:
            secretName: kubed-config
        - name: scratch
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: kubed-operator
  namespace: kube-system
  labels:
    app: kubed
spec:
  ports:
  - name: api
    port: 8080
    targetPort: api
  - name: web
    port: 56790
    targetPort: web
  selector:
    app: kubed